awslabs / sandbox-accounts-for-events

"Sandbox Accounts for Events" allows you to provide multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI.
Apache License 2.0

Amplify failed to build #49

Closed BharathRedsecops closed 7 months ago

BharathRedsecops commented 9 months ago
{"Status": "FAILED", "Reason": "See the details in CloudWatch Log Stream: 2023/12/29/[$LATEST]95208e471041435aaa734b13fa4795d5", "PhysicalResourceId": "2023/12/29/[$LATEST]95208e471041435aaa734b13fa4795d5", "StackId": "arn:aws:cloudformation:us-east-1:409547238403:stack/Sandbox-Accounts-for-Events/3eb14090-a612-11ee-83fa-1232a2361c67", "RequestId": "f0a34649-b710-46d0-abf1-fe2a240f305a", "LogicalResourceId": "AppUiAmplifyDeployment", "NoEcho": "FAILED", "Data": {}} -- 1703831849932 AppUiAmplifyDeployment FAILED 2023/12/29/[$LATEST]95208e471041435aaa734b13fa4795d5 See the details in CloudWatch Log Stream: 2023/12/29/[$LATEST]95208e471041435aaa734b13fa4795d5 f0a34649-b710-46d0-abf1-fe2a240f305a arn:aws:cloudformation:us-east-1:409547238403:stack/Sandbox-Accounts-for-Events/3eb14090-a612-11ee-83fa-1232a2361c67 FAILED
moellr commented 9 months ago

I have just re-deployed the latest version (today's commit) without issues. Please undeploy and deploy the latest version again and let me know if that worked.

BharathRedsecops commented 9 months ago

Thank you, working fine. Can we generate access keys and a username and password with an API call instead of registering the user from the frontend?

moellr commented 9 months ago

No, we want to enforce AWS Security Best Practices, therefore we are using IAM roles (assumed via the frontend application) instead of IAM users. As soon as a user has logged in, they can of course create IAM users with API access keys if needed.

BharathRedsecops commented 9 months ago

Yeah, got it. In case we want to validate the activity done by a user, or if we need a snapshot, then..?


moellr commented 9 months ago

If you need to validate anything in their account, you as operator can always log into any account from the lease list (login icon in the right table column). If you need to grab an EBS snapshot, you could share it with your target account (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html) and create a copy of it (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html), so it is not destroyed when the source account is nuked.
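
The share-then-copy procedure from the comment above, as an added AWS CLI sketch that is not part of the original thread or of the project's code. The profile names `sandbox` and `retention`, the function names, and all IDs and regions are constructed placeholders.

```shell
#!/bin/sh
# Hand an EBS snapshot from a leased sandbox account to a long-lived account
# before the lease ends. Defaults to a dry run that only prints the commands.

# Print (DRY_RUN=1, the default) or execute one AWS CLI command.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# handover_snapshot SNAP_ID SRC_REGION TARGET_ACCOUNT DST_REGION
handover_snapshot() {
  hs_snap="$1"; hs_src="$2"; hs_target="$3"; hs_dst="$4"
  hs_src_profile="${SRC_PROFILE:-sandbox}"    # assumed profile for the leased account
  hs_dst_profile="${DST_PROFILE:-retention}"  # assumed profile for the target account

  # Reject malformed input before any API call is made.
  hs_hex="${hs_snap#snap-}"
  case "$hs_snap" in snap-*) ;; *) echo "bad snapshot id" >&2; return 2 ;; esac
  case "$hs_hex" in ""|*[!0-9a-f]*) echo "bad snapshot id" >&2; return 2 ;; esac
  case "$hs_target" in ""|*[!0-9]*) echo "bad account id" >&2; return 2 ;; esac
  [ "${#hs_target}" -eq 12 ] || { echo "bad account id" >&2; return 2; }

  # Step 1 (source account): grant create-volume permission to the target
  # account only. Do not use "--group-names all"; that makes the snapshot public.
  run aws ec2 modify-snapshot-attribute \
    --profile "$hs_src_profile" --region "$hs_src" \
    --snapshot-id "$hs_snap" --attribute createVolumePermission \
    --operation-type add --user-ids "$hs_target" || return 1

  # Step 2 (target account): copy the shared snapshot, so the target account
  # owns an independent copy that outlives the source account's resources.
  run aws ec2 copy-snapshot \
    --profile "$hs_dst_profile" --region "$hs_dst" \
    --source-region "$hs_src" --source-snapshot-id "$hs_snap" \
    --description "Copy of $hs_snap from sandbox lease"
}

# Dry run with constructed values; export DRY_RUN=0 to call AWS for real.
handover_snapshot snap-0123456789abcdef0 us-east-1 111122223333 eu-west-1
```

Snapshots encrypted with the default AWS managed key cannot be shared this way; they need a customer managed key that the target account is permitted to use.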

python7878 commented 8 months ago

Thank you, my idea is to prepare something like https://www.whizlabs.com/aws-sandbox/